-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Tue, Jun 23, 2020 at 01:57:55AM -0400, Demi M. Obenour wrote: > On 2020-06-22 19:36, Andrew David Wong wrote:> You could also deny all calls > from `work` except for calls to dom0: > > > > ``` > > * * work dom0 allow > > * * work * deny > > ``` > > This seems to allow *all* calls from work to dom0, which probably > isn’t wanted.
This in fact depends where the rule is placed - if it's after more detailed rules denying specific services, then it will allow only some of them. But indeed the example is a bit unfortunate, as it may be dangerous when used directly. I'll update it with a different target than dom0. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAl7x9l0ACgkQ24/THMrX 1yzyigf9FKTvTizGYoLZT8YQULp4dxK6bpYABPiRRpgmSKmvZAjXF7p5rX1Kmqbq wjfX+X91vNsskuT6PITYPErwertkY8+kP5qnl7NzaKGiAoWkhK75d7FFzElwQCxr ChkL5h8ZZzHqwVa/7FTM8l9pJone83+S9N8LUYW6dRzABbDGS67U20FS8UD2Z2DN 3TFb3eOB5adG9nSAn5TD0gXKPVTNsDFaulioTcFv+BfblNNsPfiJ4XGVhGO+KINT RG379aFdDpbNtilBrQPpbCNzo7n7LOw1OUos+KkdShTr1QcA6s3QXX4ceKJp0EqJ WArogFL2HtSreoX+GuZKcGGB90rG0Q== =ajUs -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20200623123229.GO1197%40mail-itl.
